lpksetup[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

lpksetup.exe
Size

723KB
MD5

58c264b644d2d2ed84a1f718656b932c
SHA1

dab1c9d94264957b220847e6a6b07c8d809ba0e2
SHA256

309a950f54730c5bcf80c8fb5be8807595f1b6f5b1547f8d96750496aa89eed8
SHA512

92599ec5147893b3b2b4678c9abc003d6bc0f9751371f71585265d16c0178fd3baf05ee22a14858f0ac0483a91681f2d48d472b92d55b8829270f8cf94a274d8
SSDEEP

12288:65ZOfRjtgjHwzCrmhtH6m1mq3cXsaRVctNS2I3OyfndmLh:ffVtgszCrm76mEq3cXJRVWNSNOemd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
lpksetup.exe

Files

lpksetup.exe
.exe windows x64

8062189214b8f9c90df59d9e15e24a58

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

EventWriteTransfer
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryValueExW
InitiateShutdownW
EventUnregister
EventRegister
RegQueryInfoKeyW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
InitializeSecurityDescriptor
CreateWellKnownSid
SetEntriesInAclW
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
RegDeleteKeyW
RegGetValueW
RegEnumValueW
RegDeleteTreeW
OpenProcessToken
LookupPrivilegeValueW
PrivilegeCheck
AdjustTokenPrivileges

kernel32

OpenSemaphoreW
CloseHandle
HeapAlloc
GetProcAddress
CreateMutexExW
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
TerminateThread
GetWindowsDirectoryW
K32EnumProcesses
OpenProcess
QueryFullProcessImageNameW
GetExitCodeProcess
Sleep
MulDiv
WaitForMultipleObjectsEx
CreateEventW
SetEvent
CreateMutexW
CreateThread
GetLocaleInfoEx
GetVersionExW
LocalFree
CreateFileW
WriteFile
GetLocalTime
RaiseException
FreeLibrary
HeapSetInformation
ExitProcess
LoadLibraryW
GetCommandLineW
GetModuleFileNameW
LoadLibraryExW
GetFileAttributesW
GetFileAttributesExW
GetTickCount64
GetSystemTimeAsFileTime
GetNativeSystemInfo
GetLocaleInfoW
GetSystemDefaultUILanguage
GetProductInfo
LocaleNameToLCID
EnumUILanguagesW
GetUserPreferredUILanguages
SetProcessPreferredUILanguages
NotifyUILanguageChange
GetExitCodeThread
GetDiskFreeSpaceExW
EnterCriticalSection
LeaveCriticalSection
GetTempPathW
CreateProcessW
CreateDirectoryW
GetFileInformationByHandle
FindFirstFileW
DeleteFileW
FindNextFileW
RemoveDirectoryW
FindClose
GetSystemPreferredUILanguages
GetThreadPreferredUILanguages
GetCurrentProcess
GetUILanguageInfo
IsValidLocaleName
GetSystemDirectoryW
GetFileMUIPath
GetSystemInfo
OutputDebugStringW
GetLastError
FormatMessageW
ReleaseMutex
WaitForSingleObjectEx
GetVersionExA
VirtualAlloc
VirtualFree
VirtualProtect
GetCurrentThreadId
WaitForSingleObject
InitializeCriticalSection
GetModuleHandleExW
ReleaseSemaphore
SetLastError
HeapFree
CreateSemaphoreExW
GetModuleFileNameA
VirtualQuery

gdi32

SelectObject
SetTextColor
SetBkMode
CreateRectRgn

user32

UnregisterClassA
ExitWindowsEx
LoadIconW
SetActiveWindow
GetAncestor
ShowWindow
GetWindowLongW
GetFocus
SetWindowLongW
GetDlgCtrlID
SendDlgItemMessageW
GetDlgItem
EnableWindow
GetDlgItemTextW
PostMessageW
SetForegroundWindow
FindWindowW
SetDlgItemTextW
CharUpperW
DispatchMessageW
LoadCursorW
SetCursor
TranslateMessage
DestroyWindow
MapWindowPoints
SetWindowLongPtrW
GetWindowLongPtrW
DestroyIcon
LoadImageW
GetSystemMetrics
EndPaint
DrawTextW
BeginPaint
InvalidateRect
SendNotifyMessageW
RegisterWindowMessageW
SetTimer
KillTimer
SystemParametersInfoW
PostThreadMessageW
GetMessageW
CharNextW
UnregisterClassW
AllowSetForegroundWindow
RegisterClassExW
DefWindowProcW
MessageBoxW
GetWindowRect
SetWindowPos
GetClientRect
SetWindowRgn
GetSysColor
SendMessageW
GetParent
LoadStringW
CreateWindowExW

msvcrt

??0exception@@QEAA@AEBQEBDH@Z
_callnewh
_CxxThrowException
__uncaught_exception
_errno
__pctype_func
free
___lc_handle_func
___lc_codepage_func
__mb_cur_max
setlocale
___mb_cur_max_func
__crtLCMapStringW
_wsetlocale
strcspn
memchr
__crtGetStringTypeW
abort
memset
_wgetcwd
_onexit
__dllonexit
wcscpy_s
wcscat_s
_unlock
_lock
wcsncpy_s
?terminate@@YAXXZ
_commode
localeconv
_fmode
_wcmdln
rand
_initterm
towlower
__setusermatherr
_cexit
_exit
tolower
_wgetenv
exit
__set_app_type
wcschr
__wgetmainargs
_amsg_exit
sprintf_s
_wcsicoll
fclose
_wcsnicmp
fgetws
_wfopen
wcstol
wcstoul
_wcsicmp
??1type_info@@UEAA@XZ
malloc
memmove
memcpy
ceil
towupper
iswctype
iswspace
toupper
_isctype
memmove_s
??0exception@@QEAA@AEBQEBD@Z
?what@exception@@UEBAPEBDXZ
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
memcpy_s
_vsnwprintf
__C_specific_handler
__CxxFrameHandler3
_XcptFilter
wcsstr
wcscmp

shell32

ord51
ShellExecuteExW
SHGetDataFromIDListW
SHBrowseForFolderW
SHCreateItemInKnownFolder
ord28
SHGetPathFromIDListW
SHBindToFolderIDListParent
SHGetIDListFromObject

shlwapi

ord158
StrStrNW
StrStrIW
StrCmpIW
PathFileExistsW
PathRemoveFileSpecW
StrRetToStrW
ord219
PathMatchSpecExW
PathIsDirectoryW
PathRemoveBackslashW
PathFindExtensionW

oleaut32

SysFreeString
VariantClear
VariantInit
SysStringLen
RegisterTypeLi
LoadTypeLi
UnRegisterTypeLi
SysAllocString

api-ms-win-core-com-l1-1-0

CoInitializeEx
CoUninitialize
CoTaskMemFree
StringFromGUID2
CoSetProxyBlanket
CoRegisterClassObject
CoResumeClassObjects
CoRevokeClassObject
CoSuspendClassObjects
CoInitializeSecurity
CoGetCallContext
CoWaitForMultipleHandles
CoCreateInstance

api-ms-win-core-path-l1-1-0

PathCchCombine
PathCchAppend
PathCchCanonicalize

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-processthreads-l1-1-0

GetStartupInfoW
TerminateProcess

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlCaptureContext
RtlLookupFunctionEntry

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
AcquireSRWLockExclusive

api-ms-win-core-synch-l1-2-0

SleepConditionVariableSRW
WakeAllConditionVariable

api-ms-win-core-debug-l1-1-0

OutputDebugStringA

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy

api-ms-win-core-heap-l2-1-0

LocalAlloc

comctl32

ord344
ImageList_Create
ImageList_ReplaceIcon
ImageList_Destroy
ord345
CreatePropertySheetPageW
PropertySheetW
ord17

dpx

DpxNewJob

ntdll

RtlGetUILanguageInfo
RtlNtStatusToDosError
RtlpSetPreferredUILanguages
NtIsUILanguageComitted
NtGetMUIRegistryInfo
RtlGetNtProductType

ole32

CoInitialize
CoGetObject

Sections

.text
Size: 472KB - Virtual size: 471KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8062189214b8f9c90df59d9e15e24a58

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

msvcrt

shell32

shlwapi

oleaut32

api-ms-win-core-com-l1-1-0

api-ms-win-core-path-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-heap-l2-1-0

comctl32

dpx

ntdll

ole32

Sections

.text Size: 472KB - Virtual size: 471KB

.rdata Size: 116KB - Virtual size: 116KB

.data Size: 2KB - Virtual size: 22KB

.pdata Size: 16KB - Virtual size: 15KB

.rsrc Size: 111KB - Virtual size: 111KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 472KB - Virtual size: 471KB

.rdata
Size: 116KB - Virtual size: 116KB

.data
Size: 2KB - Virtual size: 22KB

.pdata
Size: 16KB - Virtual size: 15KB

.rsrc
Size: 111KB - Virtual size: 111KB

.reloc
Size: 4KB - Virtual size: 3KB